公众号自动发布 (WeChat Official Account Auto-Publish)
Pass
Audited by ClawScan on May 10, 2026.
Overview
This skill appears to do what it says, creating WeChat Official Account drafts, but users should note that it uses account credentials, uploads the selected content and media to WeChat, and documents optional scheduled automation.
Install only if you are comfortable giving the skill WeChat Official Account API credentials. Verify the article HTML, digest, title, and cover image path before running it, keep the .env file private, and use the cron example only if you intentionally want recurring automated draft creation.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone or any process with access to those environment variables could potentially use the WeChat app credentials to create drafts or upload materials for that account.
The skill requires WeChat account credentials and recommends exporting them into the shell environment. This is expected for the WeChat API, but it grants delegated access to the configured Official Account and is broader than the registry metadata indicates.
WECHAT_APPID=你的AppID
WECHAT_SECRET=你的AppSecret
...
set -a; source ~/.openclaw/workspace/skills/mp-draft-push/.env; set +a
Store the .env file carefully, avoid exposing the secret broadly, rotate the secret if it is leaked, and confirm the OpenClaw credential/env metadata before relying on it.
If the wrong path or article content is supplied, the skill may upload unintended media or create an unwanted draft in the WeChat account.
The helper script uploads a caller-supplied local file path as WeChat media and posts the draft JSON to WeChat. This is the core purpose of the skill, but it is still an account-changing file-upload/API action.
curl -s -X POST "https://api.weixin.qq.com/cgi-bin/material/add_material?access_token=${token}&type=image" -F "media=@${image_path}"
...
curl -s -X POST "https://api.weixin.qq.com/cgi-bin/draft/add?access_token=${token}" ... -d @"${json_file}"
Use this skill only with intended article content and cover image paths, and inspect the created WeChat draft before publishing it publicly.
If enabled, the account may receive new AI-generated drafts on the schedule until the cron job is removed.
The README documents an optional persistent scheduled job that would invoke draft creation automatically. It is user-directed and disclosed, but it changes the skill from on-demand use to recurring autonomous operation.
openclaw cron add \
  --name "daily-mp-push" \
  --cron "0 9 * * *" \
  --message "生成今日 AI 简报并发布到草稿箱;不要提问,直接执行" ...
Cron requires the OpenClaw Gateway to be running persistently.
Enable the cron example only if you want ongoing automation, and consider adding a review/notification step before creating or publishing any generated content.
A user may need to create the .env file manually and should not assume credential-protection files are present unless they verify them locally.
The README relies on referenced setup/ignore files for credential handling, while the provided manifest only includes SKILL.md, README.md, and scripts.sh. This is a setup/provenance gap rather than evidence of malicious behavior.
cp .env.example .env
...
`.env` has been added to `.gitignore` and will not be committed to the repository.
Before adding WeChat secrets, confirm that .env is excluded from version control or store the credentials outside the skill directory.
